I am constantly getting a pop-up from a Japanese porn site and the process it uses is MSHTA.exe. If I kill the process it pops up again after 15 or so mins. I have included my HijackThis log below; also I ran Process Explorer on mshta and the command line under image is

Hi Gagraptor and welcome to TSG, my name is Mark and I will be helping you.

At the top of the Malware forum there is a notice Everyone MUST read this BEFORE posting for help in this forum.

As you have not followed that instruction this may be why you have not received a reply. Please go Here, follow ALL the instructions and post the logs that are requested.

DO NOT make any attempt to delete mshta.exe as it is a legitimate system file.

I would also like you to do the following and post the logs, as follows:
Put the logs into separate posts if it makes it easier.

STEP 1
Run HijackThis, and press "Scan." When the scan is complete place a check mark next to the following entries (if they are still present): (Please be careful and do not check any other boxes)

NOTE: For Windows 7 and Vista you must turn off the User Account Control to allow HJT to run correctly. For Vista, click on Start and type User Accounts in the search box and hit Enter, click on Turn User Account Control on or off, uncheck the box to turn off UAC. For Windows 7 click on Start and type UAC in the box and hit Enter, then move the slider all the way to the bottom and click on ok. This action is not required for Windows XP.

After checking these items CLOSE ALL open windows except HijackThis and click "Fix Checked" to remove the entries you checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, close HijackThis.
If you receive an error message that indicates HJT cannot remove the entries please try disabling your security software. How to disable your security software
If after disabling your security software there is still a problem, this could be due to the Malware on your system.
Please confirm if the fix runs without a problem. If there is a problem tell me what has happened and post the details of any error messages.
Follow this by opening HJT, go to the Main Menu and Click on "Do a system scan and save logfile." When the log pops up in Notepad, copy and paste that file back here in your next reply.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.

Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.

If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double click on the Malwarebytes icon on your desktop to launch the program

Under the Scanner tab, make sure the Perform Quick Scan option is selected.

Click on the Scan button.

When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".

Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.

Make sure that everything is checked and then click Remove Selected.

When removal is completed, a log report will open in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab.

Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Exit Malwarebytes when done.

If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

I am sorry I forgot to add other logs. I have followed your instructions. I already had Malwarebytes; when I run it I get 3 trojans and I'm asked to restart. After restarting, when I run Malwarebytes again I get the same 3 viruses. I am not able to run GMER as my system freezes.
I'm including all the other logs. PS I also have a virtual drive emulation s/w but can't find it to uninstall.

Ok, thanks for the logs. Please now follow this to run Combofix and post the log.

IMPORTANT
I see you have a P2P File Sharing Program installed on your system: uTorrent.
As long as you continue to use these types of programs you can expect to get infected.
P2P file sharing is one of the most common sources for picking up infections.
Please uninstall the program from your system in Programs & Features via the Control Panel.
If you insist on keeping it on your system then please DO NOT USE IT until we are finished.

STEP 1

NOTE: If you have already used Combofix please delete the icon from your desktop.

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.

If ComboFix detects an older version of itself, you will be asked to update the program.

ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.

Follow the prompts and click on Yes to continue scanning for malware.

If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.

When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.

Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Quote:

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.

No surprise with that, I was not sure if Combofix would clear the problem but it has given more information to work from, this fix should clear it. There will be a few more things to do once the problem of the popups has gone so please stick with me until I say we are done.

We are now going to run ComboFix a different way.
Open Notepad by clicking on and in the Search box type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.
